Merge pull request #2 from CloudNinjaDev/infra

Refactor Terraform configuration for MongoDB deployment: modularize E…

Author: CloudNinjaDev

.github/workflows/cd.yml

@@ -10,17 +10,17 @@ on:
 
   workflow_dispatch:
     inputs:
-      plan_only:
-        description: 'Run plan only (no apply)'
-        required: false
-        default: 'false'
+      environment:
+        description: 'Environment to deploy'
+        required: true
+        default: 'production'
         type: choice
         options:
-          - 'true'
-          - 'false'
+          - 'production'
+          - 'staging'
 
       destroy:
-        description: 'Destroy all infrastructure (DANGEROUS)'
+        description: 'Destroy infrastructure'
         required: false
         default: 'false'
         type: choice
@@ -31,27 +31,22 @@ on:
 permissions:
   contents: read
   id-token: write
-  issues: write
 
 env:
   AWS_REGION: us-west-2
-  TF_WORKING_DIR: terraform
   TERRAFORM_VERSION: 1.6.0
 
 jobs:
-  terraform-plan:
-    name: Plan Infrastructure Changes
+  deploy:
+    name: Deploy to ${{ github.event.inputs.environment || 'production' }}
     runs-on: ubuntu-latest
 
     environment:
-      name: production
+      name: ${{ github.event.inputs.environment || 'production' }}
 
     defaults:
       run:
-        working-directory: ${{ env.TF_WORKING_DIR }}
-    
-    outputs:
-      has_changes: ${{ steps.plan.outputs.exitcode == 2 }}
+        working-directory: terraform/stacks/${{ github.event.inputs.environment || 'production' }}
 
     steps:
       - name: Checkout Code
@@ -60,174 +55,51 @@ jobs:
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
-          aws-access-key-id: ${{ secrets.AWS_SECRET_ACCESS_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-access-key-id: ${{ secrets.AWS_SECRET_ACCESS_ID }}  # DO NOT CHANGE THIS LINE
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}  # DO NOT CHANGE THIS LINE
           aws-region: ${{ env.AWS_REGION }}
 
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: ${{ env.TERRAFORM_VERSION }}
-          terraform_wrapper: false
-      
-      - name: Terraform Format Check
-        run: terraform fmt -check -recursive
 
       - name: Terraform Init
-        run: terraform init -upgrade
-      
-      - name: Terraform Validate
-        run: terraform validate
+        run: terraform init
 
       - name: Terraform Plan
-        id: plan
-        run: |
-          terraform plan -detailed-exitcode -out=tfplan -input=false || exit_code=$?
-          echo "exitcode=$exit_code" >> $GITHUB_OUTPUT
-          terraform show tfplan -no-color
-        continue-on-error: true
-      
-      - name: Upload Plan Artifact
-        if: steps.plan.outputs.exitcode == 2
-        uses: actions/upload-artifact@v4
-        with:
-          name: terraform-plan-${{ github.sha }}
-          path: ${{ env.TF_WORKING_DIR }}/tfplan
-          retention-days: 1
-      
-      - name: Create Deployment Summary
-        if: always()
-        run: |
-          echo "## Terraform Plan Summary" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "- **Workflow:** ${{ github.workflow }}" >> $GITHUB_STEP_SUMMARY
-          echo "- **Triggered by:** ${{ github.actor }}" >> $GITHUB_STEP_SUMMARY
-          echo "- **Commit:** ${{ github.sha }}" >> $GITHUB_STEP_SUMMARY
-          echo "- **Plan Status:** ${{ steps.plan.outcome }}" >> $GITHUB_STEP_SUMMARY
-          echo "- **Has Changes:** ${{ steps.plan.outputs.exitcode == 2 }}" >> $GITHUB_STEP_SUMMARY
-
-  terraform-apply:
-    name: Apply Infrastructure Changes
-    runs-on: ubuntu-latest
-    
-    needs: terraform-plan
-    if: |
-      needs.terraform-plan.result == 'success' &&
-      needs.terraform-plan.outputs.has_changes == 'true' &&
-      github.event.inputs.plan_only != 'true'
-    
-    defaults:
-      run:
-        working-directory: ${{ env.TF_WORKING_DIR }}
-    
-    steps:
-      - name: Checkout Code
-        uses: actions/checkout@v4
-      
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.AWS_SECRET_ACCESS_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ env.AWS_REGION }}
-      
-      - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v3
-        with:
-          terraform_version: ${{ env.TERRAFORM_VERSION }}
-      
-      - name: Terraform Init
-        run: terraform init -upgrade
-      
-      - name: Download Plan Artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: terraform-plan-${{ github.sha }}
-          path: ${{ env.TF_WORKING_DIR }}
+        if: github.event.inputs.destroy != 'true'
+        run: terraform plan -var-file=terraform.tfvars
 
       - name: Terraform Apply
-        id: apply
-        run: |
-          echo "Applying Terraform changes..."
-          terraform apply -auto-approve -input=false tfplan
+        if: github.event.inputs.destroy != 'true'
+        run: terraform apply -var-file=terraform.tfvars -auto-approve
 
-      - name: Get Terraform Outputs
+      - name: Terraform Destroy
+        if: github.event.inputs.destroy == 'true'
+        run: terraform destroy -var-file=terraform.tfvars -auto-approve
+      
+      - name: Get Outputs
+        if: github.event.inputs.destroy != 'true'
         id: outputs
-        if: steps.apply.outcome == 'success'
         run: |
           echo "instance_id=$(terraform output -raw instance_id)" >> $GITHUB_OUTPUT
           echo "instance_public_ip=$(terraform output -raw instance_public_ip)" >> $GITHUB_OUTPUT
           echo "instance_private_ip=$(terraform output -raw instance_private_ip)" >> $GITHUB_OUTPUT
+        continue-on-error: true
 
-      - name: Create Deployment Summary
+      - name: Deployment Summary
         if: always()
         run: |
-          echo "## Terraform Apply Summary" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "- **Workflow:** ${{ github.workflow }}" >> $GITHUB_STEP_SUMMARY
+          echo "## Deployment Summary" >> $GITHUB_STEP_SUMMARY
+          echo "- **Environment:** ${{ github.event.inputs.environment || 'production' }}" >> $GITHUB_STEP_SUMMARY
+          echo "- **Action:** ${{ github.event.inputs.destroy == 'true' && 'Destroy' || 'Deploy' }}" >> $GITHUB_STEP_SUMMARY
           echo "- **Triggered by:** ${{ github.actor }}" >> $GITHUB_STEP_SUMMARY
-          echo "- **Commit:** ${{ github.sha }}" >> $GITHUB_STEP_SUMMARY
-          echo "- **Apply Status:** ${{ steps.apply.outcome }}" >> $GITHUB_STEP_SUMMARY
           
-          if [ "${{ steps.apply.outcome }}" == "success" ]; then
+          if [ "${{ github.event.inputs.destroy }}" != "true" ] && [ "${{ steps.outputs.outputs.instance_id }}" != "" ]; then
             echo "" >> $GITHUB_STEP_SUMMARY
-            echo "### EC2 Instance Information" >> $GITHUB_STEP_SUMMARY
+            echo "### Instance Details" >> $GITHUB_STEP_SUMMARY
             echo "- **Instance ID:** ${{ steps.outputs.outputs.instance_id }}" >> $GITHUB_STEP_SUMMARY
             echo "- **Public IP:** ${{ steps.outputs.outputs.instance_public_ip }}" >> $GITHUB_STEP_SUMMARY
             echo "- **Private IP:** ${{ steps.outputs.outputs.instance_private_ip }}" >> $GITHUB_STEP_SUMMARY
-            echo "" >> $GITHUB_STEP_SUMMARY
-            echo "### Connect to Instance" >> $GITHUB_STEP_SUMMARY
-            echo "\`\`\`bash" >> $GITHUB_STEP_SUMMARY
-            echo "ssh -i ~/.ssh/ashish-test-kp.pem ec2-user@${{ steps.outputs.outputs.instance_public_ip }}" >> $GITHUB_STEP_SUMMARY
-            echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
           fi
-      
-      - name: Notify on Failure
-        if: failure()
-        run: |
-          echo "::error::Terraform apply failed. Please check the logs and fix the issues."
-
-  terraform-destroy:
-    name: Destroy Infrastructure
-    runs-on: ubuntu-latest
-    
-    if: github.event_name == 'workflow_dispatch' && github.event.inputs.destroy == 'true'
-    
-    environment:
-      name: destroy-production
-    
-    defaults:
-      run:
-        working-directory: ${{ env.TF_WORKING_DIR }}
-    
-    steps:
-      - name: Checkout Code
-        uses: actions/checkout@v4
-      
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.AWS_SECRET_ACCESS_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ env.AWS_REGION }}
-      
-      - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v3
-        with:
-          terraform_version: ${{ env.TERRAFORM_VERSION }}
-      
-      - name: Terraform Init
-        run: terraform init -upgrade
-      
-      - name: Terraform Destroy
-        run: |
-          echo "Destroying all infrastructure..."
-          terraform destroy -auto-approve -input=false
-      
-      - name: Confirm Destruction
-        run: |
-          echo "## Infrastructure Destroyed" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "All resources have been destroyed." >> $GITHUB_STEP_SUMMARY
-          echo "- **Triggered by:** ${{ github.actor }}" >> $GITHUB_STEP_SUMMARY
-          echo "- **Timestamp:** $(date)" >> $GITHUB_STEP_SUMMARY